package com.itheima.jdbc;

import org.junit.jupiter.api.Test;

import java.sql.*;

/*
    API详解:PreparedStatement
 */
public class JDBCDemo7_PreparedStatement {

    @Test
    public void testPreparedStatement() throws SQLException, InterruptedException {

        //2.获取连接 :如果连接的是本机mysql并且端口默认的3306 可以简化书写
        // useServerPrepStmts=true 参数开启预编译功能
        String url="jdbc:mysql:///test?useSSL=false&useServerPrepStmts=true";
        String username="root";
        String password="1234";
        Connection conn = DriverManager.getConnection(url, username, password);

        //接收用户输入 用户名和密码
        String name = "zhangsan";
        String pwd = "123";

        //定义sql
        String sql = "select * from tb_user where username=? and password=?";

        //获取pstmt对象
        PreparedStatement pstmt = conn.prepareStatement(sql);

        Thread.sleep(10000);

        //设置？的值
        pstmt.setString(1,name);
        pstmt.setString(2,pwd);
        ResultSet rs=null;
        //执行sql
         rs = pstmt.executeQuery();


        //设置？的值
        pstmt.setString(1,"aaa");
        pstmt.setString(2,"bbb");

        //执行sql
         rs = pstmt.executeQuery();


        //判断是否成功
        if (rs.next()) {
            System.out.println("登录成功");
        } else {
            System.out.println("登录失败");
        }
        rs.close();
        pstmt.close();
        conn.close();
    }

    /*
        PreparedStatement原理
     */
    @Test
    public void testPreparedStatement2() throws SQLException {

        //2.获取连接 :如果连接的是本机mysql并且端口默认的3306 可以简化书写
        String url="jdbc:mysql:///test?useSSL=false";
        String username="root";
        String password="1234";
        Connection conn = DriverManager.getConnection(url, username, password);

        //接收用户输入 用户名和密码
        String name = "zhangsan";
        String pwd = "' or '1' = '1";

        //定义sql
        String sql = "select * from tb_user where username=? and password=?";

        //获取pstmt对象
        PreparedStatement pstmt = conn.prepareStatement(sql);

        //设置？的值
        pstmt.setString(1,name);
        pstmt.setString(2,pwd);

        //执行sql
        ResultSet rs = pstmt.executeQuery();


        //判断是否成功
        if (rs.next()) {
            System.out.println("登录成功");
        } else {
            System.out.println("登录失败");
        }
        rs.close();
        pstmt.close();
        conn.close();
    }

}
